It is doing something different than RFC 6238, which theoretically is more secure. The way they have it implemented is worse than if they did nothing though. If they cared at all about security they would have pulled it down years ago when this vector being abused was first being reported by users. But nope admitting a mistake isn't in the vocabulary of. The leaders definitely know what they're doing.
Yes, there are so many other 2FA authenticators, many of them even open-source. Why would you ever use the Microsoft one?
It is doing something different than RFC 6238, which theoretically is more secure. The way they have it implemented is worse than if they did nothing though. If they cared at all about security they would have pulled it down years ago when this vector being abused was first being reported by users. But nope admitting a mistake isn't in the vocabulary of. The leaders definitely know what they're doing.